Integer values used in the following manner must be guranteed correct:
- As an array index
- In any pointer arithmetic
- As a length or size of an object
- As the bound of an array (for example, a loop counter)
- In security critical code
Integer values can be invalidated due to excpetional conditions such as overflow, truncation, or sign error leading to exploitable vulnerabilities. Failure to provide proper range checking can also lead to exploitable vulnerabilities.
Recommendations
Use size_t for all integer values representing the size of an object
Understand integer conversion rules
Rules
Do not make assumptions about the type of a bit-field when used in an expression
Guarantee that integer conversions do not result in lost or misinterpreted data
Guarantee that integer operations do not result in an overflow
Guarantee that division and modulo operations do not result in divide-by-zero errors